Friday, March 21

Install SSL Certificate Oracle WebLogic Server 10.3 / 11g



Create Weblogic keystore 10.3
You need to have JDK 1.6 installed in order to execute keytool located in $JAVA_HOME/bin/keytool.
Note that we are using VeriSign's extended validation certificate, which supports 2048-bit keys. Starting in 2013, 1024-bit keys will no longer be available and 2048-bit keys will be required.

Execute the following command and complete the following information.
1) ./keytool -keyalg RSA -genkey -v -alias xbeon -keysize 2048 -storepass changeit -validity 365 -keystore store-name.jks

What is your first and last name?
[Unknown]: example.xbeon.com
What is the name of your organizational unit?
[Unknown]: Information Technology
What is the name of your organization?
[Unknown]: Xbeon, LLC
What is the name of your City or Locality?
[Unknown]: Denver
What is the name of your State or Province?
[Unknown]: CO
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=example.xbeon.com, OU=IT, O="Xbeon, LLC", L=Denver, ST=CO, C=US correct?
[no]: yes

Generating 2,048 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 365 days
for: CN=example.xbeon.com, OU=IT, O="Xbeon, LLC", L=Denver, ST=CO, C=US
Enter key password for <xbeon>
(RETURN if same as keystore password): <-- leave blank, hit return.
[Storing store-name.jks]

Request Weblogic VeriSign Certificate

2) keytool -certreq -alias xbeon -file verisign-request.csr -keystore store-name.jks
Enter keystore password:
Log in to VeriSign's PKI service (you must have an account), paste in the contents of verisign-request.csr and submit. An e-mail will be sent with your signed certificate.
After receiving your certificate, you need to add VeriSign's primary and secondary CA certs to your keystore. You can download them here
Using vi or notepad, paste the contents of the primary and secondary CA certificates into primary_EV_CA.cer and secondary_EV_CA.cer, then run the following:

3) keytool -import -trustcacerts -alias primary_EV_CA -keystore store-name.jks -file primary_EV_CA.cer
4) keytool -import -trustcacerts -alias secondary_EV_CA -keystore store-name.jks -file secondary_EV_CA.cer

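Save the signed certificate you received from VeriSign as verisign.txt and run
5) keytool -import -trustcacerts -alias xbeon -keystore store-name.jks -file verisign.txt
You will be prompted to enter your keystore password; the certificate is then added to your keystore. The alias must be the one used for the key pair in step 1 (xbeon) so that keytool installs the signed certificate on that private-key entry. Under a new alias it is stored only as a trusted certificate and the key entry keeps its self-signed certificate.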
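
Before pointing WebLogic at the keystore, confirm that the CA-signed certificate sits on the private-key entry (alias xbeon) and not in a separate trusted-certificate entry, since otherwise the server keeps presenting the self-signed certificate from step 1. The script below is an added example, not part of the original post; it assumes English `keytool -list -v` output, and the sample listings, the alias othercert and the CA names are constructed.

```shell
# Added example: classify one alias from `keytool -list -v` output on stdin.
# Prints ca-signed | self-signed | incomplete-chain | trusted-cert-only | missing
classify_alias() {
  awk -v want="$1" '
    { sub(/\r$/, "") }                       # tolerate Windows line endings
    /^Alias name: / { cur = substr($0, 13); if (cur == want) found = 1 }
    cur != want     { next }                 # ignore other entries
    /^Entry type: / { type = substr($0, 13) }
    /^Certificate chain length: / { len = $4 + 0 }
    /^Owner: /  && owner == ""  { owner  = substr($0, 8) }  # leaf cert only
    /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
    END {
      if (!found)                         print "missing"
      else if (type != "PrivateKeyEntry") print "trusted-cert-only"
      else if (owner == issuer)           print "self-signed"
      else if (len < 2)                   print "incomplete-chain"
      else                                print "ca-signed"
    }'
}

# Constructed, abbreviated listing: key entry still self-signed, signed
# certificate imported under a different (hypothetical) alias.
sample_before() { cat <<'EOF'
Alias name: xbeon
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=example.xbeon.com, OU=IT, O="Xbeon, LLC", L=Denver, ST=CO, C=US
Issuer: CN=example.xbeon.com, OU=IT, O="Xbeon, LLC", L=Denver, ST=CO, C=US

Alias name: othercert
Entry type: trustedCertEntry
Owner: CN=example.xbeon.com, OU=IT, O="Xbeon, LLC", L=Denver, ST=CO, C=US
Issuer: CN=Constructed Issuing CA, O=Example CA, C=US
EOF
}

# Constructed, abbreviated listing: CA reply installed on the key entry itself.
sample_after() { cat <<'EOF'
Alias name: xbeon
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=example.xbeon.com, OU=IT, O="Xbeon, LLC", L=Denver, ST=CO, C=US
Issuer: CN=Constructed Issuing CA, O=Example CA, C=US
Certificate[2]:
Owner: CN=Constructed Issuing CA, O=Example CA, C=US
Issuer: CN=Constructed Root CA, O=Example CA, C=US
EOF
}
```

Against a real keystore, pipe the listing in: `keytool -list -v -keystore store-name.jks | classify_alias xbeon`. Anything other than ca-signed means the import in step 5 did not attach the chain to the key.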

Configure the Identity and Trust keystores 
If you have not already configured WebLogic to use SSL, then you will need to complete the following:

1. Click on the managed server and select the name of the server for which you want to configure keystores.
2. Select the 'Keystores and SSL' tab to configure the keystore for the domain.
3. By default, WebLogic ships with demo certificates for testing purposes. Click the 'Change' link in the upper-right portion of the configuration items. This will display the drop-down list of options for configuration.
4. Choose 'Custom Identity and Java Standard Trust' from the list.
5. Specify the identity keystore information:
[Custom identity]
* Custom Identity key store file Name: c:\full\path\to\mykeystore.jks (The fully-qualified-path to your keystore)
* Custom Identity key Store Type: jks (Generally, this attribute is jks)
* Custom Identity key Store Pass Phrase: keystore password (The password defined when creating the keystore. If you don't know the password you have to start over.)
* Confirm Custom Identity key Store Pass Phrase: Keystore_password (same as above)
[Java Standard Trust]
* Java standard Trust Key Store Pass Phrase: changeit (unless your system admin changed it, the password for the cacerts keystore is "changeit")
* Confirm Java Standard Trust Key Store Pass Phrase: changeit
* Click Continue
[Review SSL Private Key Settings]
* Private key Alias: keyEntry_friendly_name (If you followed our instructions to generate the private key, the alias will be 'tomcat'. The alias is the friendly name for your keyEntry (private key). If you do not remember it, run the following command on your keystore to confirm the alias: keytool -list -keystore [keystore_friendly_name] -v)
* Passphrase: keyEntry_password (specify the keyEntry (private key) password. The password for the private key may differ from the one for the keystore)
* Confirm Passphrase
6. Click Continue
7. Click Finish
8. Restart WebLogic Server.
Verify Installation
To verify that your certificate is installed correctly, use our Certificate Installation Checker.
Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive: https://appserver.domain.com:8001/myapp
Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Thanks,
Ganga Babu

2 comments:

  1. can you please share your contact details @ rajweblogic0010@gmail.com

  2. Did you know that you can generate cash by locking selected areas of your blog / website?
    To begin just open an account on AdWorkMedia and embed their content locking plugin.
